f24cc53cc2
There was a race condition between QObject::disconnect() and
QMetaObject::activate() which can occur if there are multiple
BlockingQueued connections to one signal from different threads and
they connect/disconnect their connections often.
What can happen in this case is:
T1 is in activate() method and T2 is in disconnect() method
T1 T2
locks sender mutex
selects next connection
unlocks sender mutex
locks sender mutex
sets isSlotObject to false
creates QMetaCallEvent derefs connection
posts event
Two things can happen here:
1. Connection can still be valid, but it will have isSlotObject==false
and callFunction will be used instead of slotObj
2. Connection can already be invalid
To fix it mutex unlock should be moved after QMetaCallEvent creation.
Also there is another case, when we don't disconnect but delete the
receiver object. In this case it can already be invalid during
postEvent, so we need to move mutex unlock after postEvent.
Change-Id: I8103798324140ee11de5b4e10906562ba878ff8b
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| qobjectrace.pro | ||
| tst_qobjectrace.cpp | ||